Skip to main content

Data Protection & Compliance

Your data. Your control.

Complete transparency on what we collect, how we store it, and what we'll never do with it. Your data is never sold. Your conversations are never used to train AI models.

What we collect and why

Voice & transcripts

Voice data and conversation transcripts power real-time AI responses, simulation feedback, and personalized coaching. This data also feeds admin dashboards, giving organizations insight into capability gaps and training impact.

Usage metadata

Session timestamps, scenario selections, and engagement metrics support admin reporting and help us refine the platform experience. This metadata is never linked to individual learner identities externally.

Account information

Names, email addresses, and organizational roles are used solely for platform access and administration. Account data is never used for marketing, profiling, or shared beyond your organization.

Retention, Control, and Residency

Granular control over how your data is stored.

Ambr AI is hosted on Google Cloud infrastructure in the UK. For organizations with specific residency requirements, we support data storage in additional regions on request, including per-customer configuration for audio recordings.

Configurable retention

Retention periods are configurable per organization to match your internal policies.

Granular selection

Choose what is retained: audio recordings, transcripts, simulation feedback, or any combination.

Deletion on request

Data can be deleted at any time during the contract term. All customer data is deleted within the agreed timeframe on contract termination.

Verified deletion

Deletion is verified and documented, with confirmation provided to your organization.

GDPR Compliant

Compliant

GDPR compliance is foundational to how we operate.

  • Lawful basis is documented for all processing activities
  • Data Processing Agreements are executed with every customer
  • Data Subject Access Request processes are in place and tested
  • Privacy-by-design principles are embedded in product development from the outset

Ambr AI is EU-based and hosted on Google Cloud infrastructure in the UK, with the ability to support additional regions on request.

EU AI Act

Aligned

Ambr AI is classified as a non-high-risk system under Article 6(3) of the EU AI Act. Our platform is documented in accordance with the Act’s risk-based framework, and transparency obligations are built into the product by design.

We maintain ongoing review of our classification and documentation as regulatory guidance evolves.

Ongoing Verification

Ongoing

Our platform undergoes regular third-party penetration testing and vulnerability assessments to identify and address security risks. This is complemented by continuous automated monitoring across our codebase and infrastructure.

Trusted by

Deloitte
Skyscanner
IWG
Vaultex
TidalHealth
Peabody

Have a specific security or compliance question? Talk to us.

Sub-processorsData Processing AgreementTrust PortalResponsible AI